An approach for testing the krb5 KDC, fixes for UPN support

Andrew Bartlett abartlet at
Mon Jan 5 17:38:02 MST 2015


Just a heads-up that I'm looking at how to test the Samba KDC, more than
just by the side-effects it shows in the krb5 libraries.  

I realise this has serious portability constraints to the MIT codebase,
but I think this is still worthwhile as a tool for verification.;a=shortlog;h=refs/heads/krb5-tests

I'm doing this because I need a basis to then implement good tests
around the correct behaviour with regards to the canonicalize flag and
enterprise principal names, for fixing our enterprise UPN support,
raised here:

The fixes I have for UPN support are here:;a=shortlog;h=refs/heads/krb5-upn

However, the back-ported Heimdal patches break our RODC, and while
Garming has done a great job finding the problem, it prompted me to
start on a much better testsuite. 

We should also have some canned windows requests to assert responses to
(with fixed up passwords/times).

I'll post this again to the list when we have some more tests written.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list